US Congress wants to know if new federal laws are needed to protect government employees from accidental file-sharing.
A House of Representatives oversight committee gathered on Wednesday to discuss whether government workers getting their hands on peer-to-peer software poses a risk to privacy and national security.
At issue …

COMMENTS

Lack of user responsibility?

Is it just me or are the users who install the software not personally responsible for the files and folders they share? Install file sharing software = files will be shared, you have to configure it for your own use not bloody default.

simples

If this hinges on whether a default installation shares files by default or not, surely it's pretty damn easy to prove whether it does or doesn't by, you know, simply installing it and seeing what happens.

The respected members of congress / the senate / whoever are surely too old for this pantomime "yes it does", "oh no it doesn't" malarkey.

yes, a software problem

did he forget email? people emailing sensitive documents is also a software problem not a user problem

don't require systems be set up securely, instead ban p2p software because it's all the p2p software's fault when people go and change settings and mess with computers to make them insecure - i wonder how much bribery money he got paid to sprout that bullshit? and i really can't guess which company it was that bought him off...

sorry i forgot it's not bribery if you pay government officials to bullshit for you, it's just "creative accounting"

It's raining Nannies

Does a sane world _really_ need politicians & career lawyers discussing software design and implementation and threatening to "step in" with some regulation?

If you want to be on the secure side, just don't use the damn thing, or find an implementation on the (remaining) free market that is well-designed and fulfills your security evaluation criteria. How hard can it be?

"The file-sharing software industry has shown it is unwilling..."

There is a regulation-worthy "industry" in every niche, isn't there, Mr. I-make-work-for-myself?

People are responsible for their actions

Anyone handling sensitive data needs to be competent enough to look after the data in their care. This isn't about Limewire or other P2P apps but encompasses much wider considerations like the use of email (including private accounts e.g. Palin), USB sticks, notebooks, PDAs, mobile phones, cameras, etc. People who can't grasp the importance of the issues involved probably should not have access to sensitive data, at least, not in a form which they can copy or otherwise disseminate.

What I don't understand is how IT policies and auditing in the organisations concerned allow users to install and run applications like Limewire on systems which can access sensitive data. Are US government systems containing classified documents really allowed to connect with the Internet and/or do they allow files to be copied to other systems or media?

No brainer really

The folk using a computer containing sensitive information for file sharing should be fired and/or prosecuted. You should have a work machine and a personal machine separately. If people are using their work machines for file sharing it's not the fault of the software vendor but the idiot behind the keyboard that's at fault.

I'm pretty sure they don't need a new law for this. They could have them terminated under the anti terror laws.

Can we engineer for stoopid people

Wha....

Um.

What sort of an admin allows users full control to a point where they can install a P2P program? I've never allowed users admin access on a network I've been administering, why is the US government doing differently? If it's this much of a problem you could always prevent it from running via group policy instead of forcing the manufacturer(!) to change the default settings.

I mean seriously. Accidentally sharing a Top Secret document? Oh. Everything suddenly makes sense. This was done by a politician, or political appointee wasn't it? Anybody else they'd (quite rightly!) have crucified for negligence.

So it goes poo-tee-weet

I am sure that good Mr. Edolphus Towns committee chair is only worried about our security (think of the children) and has never taken any money from the entertainment/media industry. Yep P2P much like commie linux and the Satanical internet and its evil gambling will surely bring down western civ. I got an idea why don't they quit hiring worthless clueless employees instead. Oh wait that's right the politicians' buddies and families need jobs too.

Security?

It's always extra funny

.. when governments use their own incompetence as an argument for more control over the internet. But it's also extra sad. Especially when that control would end up in the hands of the very people who have just demonstrated they're not very good with computers. But of course it's all the software's fault. Bad software! Haha. Wonderful. :) .. :(

Another part of the problem

"The file-sharing software industry...

... has shown it is unwilling or unable to ensure user safety,"

No, the file-sharing software industry expects users or admins to use their *BRAINS* and not install (or allow to be installed) their software in ways or in places that allow access to confidential information!

Ban on P2P???

Uh Duh, there are already regs out there banning P2P on Gov puters... The problem is that admins are not locking down their machines tight enough! The problem lies in that the "tech savvy" (LoL) gov employees want way more privs than they can actually handle. Just lock 'em down and that will prevent most of the P2P worries but not all....

Needs admin rights to install? Maybe not

My experience of users is that they will try to install anything.. whether they have admin rights or not.

Unfortunately users not having admin rights on a Windows machine is not enough because apps such as Google Chrome/Earth and Skype install themselves in the user's application data profile folder which of course unsurprisingly has full access rights for the user. I know nothing of p2p software but I suspect this type of software does the same. All we can do as sysadmins in these cases is add a 'software restriction policy' to Domain group policy when we discover a breach like this.

Whose fault is it? Microsoft's? The software creators? The users?

Can someone from Microsoft tell me what good reason there is for allowing a corporate user without administration rights to be able to install un-sanctioned software to the %appdata% folder and also can a programmer from Google or Skype tell me why they think it's a good idea to create an installer that exploits this security hole and installs files to the %appdata% folder if the user (for valid reasons) doesn't have admin rights?

What a joke

Software can partially solve the problem (block installation/block network traffic), but it's nothing compared to a well enforced user agreement. I work for a company that handles patient data and although the traffic would be blocked, if we caught someone doing this they'd be shitcanned. No questions.

We couldn't do that in the government though! These are special people and they have to be treated as such! It wasn't his fault he installed some file sharing software and shared your social security details, it was the software's fault! Yes yes it's the 5th time he's done it, but we can't fire him over something that small! That would mean my department would get fewer tax dollars!!!!

Education not regulation

Stoopid

Who would want to put Limewire on a Gov't computer: A) they monitor everything and B) since computers are supplied by the lowest bidder, there's not enough RAM or CPU power to run even the basic applications, let alone user installed stuff.